CVE-2024-40780

MEDIUM

iOS <16.7.9 - Info Disclosure

Title source: llm

Description

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

References (29)

Core 29

Core References

https://support.apple.com/en-us/120908

https://support.apple.com/en-us/120909

https://support.apple.com/en-us/120911

https://support.apple.com/en-us/120913

https://support.apple.com/en-us/120914

https://support.apple.com/en-us/120915

https://support.apple.com/en-us/120916

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/15

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/16

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/17

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/18

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/21

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/22

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/23

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214116

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214117

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214119

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214121

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214122

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214123

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214124

Third Party Advisory

https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/

Mailing List

https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html

Vendor Advisory

https://support.apple.com/kb/HT214116

Vendor Advisory

https://support.apple.com/kb/HT214117

Vendor Advisory

https://support.apple.com/kb/HT214119

Vendor Advisory

https://support.apple.com/kb/HT214122

Vendor Advisory

https://support.apple.com/kb/HT214123

Vendor Advisory

https://support.apple.com/kb/HT214124

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 31.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (14)

Apple/iOS and iPadOS < 16.7.9

Apple/iOS and iPadOS < 17.6

apple/ipados < 16.7.9

apple/iphone_os < 16.7.9

apple/macos < 14.6

Apple/macOS < 14.6

apple/safari < 17.6

Apple/Safari < 17.6

apple/tvos < 17.6

Apple/tvOS < 17.6

... and 4 more

Published Jul 29, 2024

Tracked Since Feb 18, 2026